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WORKS PROTECTING SYSTEM AND WORKS 
PROTECTING METHOD THEREFOR 

BACKGROUND OF THE INVENTION 
5 1. Field of the Invention: 

The present invention relates to a works protecting 
system for use when AV data is transmitted and received 
between devices, and to a works protecting method 
therefor. 

10 2 . Description of the Related Art : 
f4 AV data, which has been conventionally handled as 

*y analogue data by users, is handled as digital data in 

is I recent years resulting from the widespread use of digital 

fl satellite broadcasting, Internet transmission, DVDs, or 

fjij 15 the like. Additionally, the IEEE1394 high-speed serial 

,k bus capable of transmitting digital data at high speed 

has become practical. From the viewpoint of works 
protection, works protection systems for use when AV data 
is transmitted and received between devices are proposed, 
20 For example, "Copy protect technologies in IEEE1394, 

integration with combined use of public key/common key'', 
Nikkei Electronics, 23 March, 1998, pp. 47-53, describes a 
works protecting system comprising authenticating means 
and encrypting means. Fig. 1 shows the system in a block 
25 diagram and Fig. 2 in a state transition diagram. The 



configuration of the prior art works protecting system is 
as follows. When an AV data transmission direction is 
provided from a user to command input means 11 (Sll), 
authenticating means 51 performs authentication through 
command control means 21 with authenticating means 141 on 
another party (S12). After the authentication, AV data 
transmitting means 31 starts transmission of AV data 
(S13). The AV data is encrypted at encrypting means 41 
using a cryptographic key and transmitted to a 
transmission line through input/output means 61. In a 
transmitting-receiving device on another party, 
input/output means 111 receives the encrypted AV data 
from the transmission line. Decrypting means 131 
decrypts the encrypted AV data using the cryptographic 
key and AV data receiving means 121 receives the 
decrypted AV data. 

As is apparent from the above description, the 
prior art works protecting system performs authentication 
with a transmitting-receiving device on another party 
only after an AV data transmission direction is provided 
from a user, thereby having the disadvantage that it 
takes a long time before transmission of AV data. 



SUMMARY OF THE INVENTION 

In view of the aforementioned prior art 



disadvantage, it is an object of the present invention to 
provide a works protecting system capable of reducing the 
time from an AV data transmission direction to 
transmission of AV data and a works protecting method 
therefor. 

The works protecting system according to the 
present invention comprises an AV data transmitting- 
receiving device for transmitting contents of works and a 
transmitting-receiving device on another party for 
receiving the works, wherein the AV data transmitting- 
receiving device comprises command input means, command 
control means, AV data transmitting means, encrypting 
means, first authenticating means, first input/output 
means, device ID detecting means, and authentication 
histories storing means, wherein the transmitting- 
receiving device on another party comprises second 
input/output means, AV data receiving means, decrypting 
means, and second authenticating means, and wherein the 
authenticating means performs a device authentication 
operation for mutually checking that both of the devices 
are devices based on certain rules, and a key exchange 
operation for sharing a cryptographic key for 
simultaneously encrypting and decrypting the works when 
the transmitting-receiving device on another party with a 
history that authentication has been previously performed 



therefor is connected to a transmission line. 

The works protecting system may comprise an AV data 
transmitting-receiving device for transmitting contents 
of works and a plurality of transmitting-receiving 
5 devices on the other parties for receiving the works, 
wherein the AV data transmitting-receiving device 
comprises command input means, command control means, AV 
data transmitting means, encrypting means, first 
authenticating means, first input/output means, device ID 
10 detecting means, authentication histories storing means, 
q and cryptographic key storing means, wherein each of the 

plurality of transmitting-receiving devices on the other 
parties comprises second input/output means, AV data 
receiving means, decrypting means, and second 
15 authenticating means, and wherein the authenticating 
means performs a device authentication operation for 
mutually checking that both the devices are devices based 
on certain rules, and a key exchange operation for 
sharing a cryptographic key for simultaneously encrypting 
20 and decrypting the works when the transmitting-receiving 
device on another party with a history that 
authentication has been previously performed therefor is 
connected to a transmission line. 

Additionally, the works protecting system may 
25 comprise an AV data transmitting-receiving device for 
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transmitting contents of works and a transmitting- 
receiving device on another party for receiving the works , 
wherein the AV data transmitting-receiving device 
comprises command input means, command control means, AV 
5 data transmitting means, encrypting means, first 

authenticating means, first input/output means, and 
device ID detecting means, wherein the transmitting- 
receiving device on another party comprises second 
input/output means, AV data receiving means, decrypting 
3 10 means, and second authenticating means, and wherein the 

authenticating means performs a device authentication 
sa operation for mutually checking that both the devices are 

fjj devices based on certain rules, and a key exchange 

Q operation for sharing a cryptographic key for 

fjj 15 simultaneously encrypting and decrypting the works when 

M the transmitting-receiving device on another party is 

connected to a transmission line. 

The works protecting method for the works 
protecting system according to the present invention has 
20 the steps of: detecting an ID of the transmitting- 
receiving device on another party with the device ID 
detecting means; checking whether the ID of the 
transmitting-receiving device on another party is 
included in historical information stored in the 
25 authentication histories storing means; performing the 
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device authentication operation and the key exchange 
operation with the second authenticating means on another 
party by the first authenticating means if the ID of the 
transmitting-receiving device on another party is 
included in the historical information; thereafter,, when 
a command input for an AV data transmission direction is 
provided from a user to the command input means, 
notifying the command to the AV data transmitting means 
through the command control means and starting 
transmission of the AV data with the AV data transmitting 
means; if the ID of the transmitting-receiving device on 
another party is not included in the historical 
information, waiting for a command input for an AV data 
transmission direction from a user to the command input 
means; when the command input for the AV data 
transmission direction is provided, performing the device 
authentication operation and the key exchange operation 
with the second authenticating means on another party by 
the first authenticating means; after the device 
authentication and the key exchange operations, recording 
the ID of the transmitting-receiving device on another 
party as historical information in the authentication 
histories storing means; notifying the command to the AV 
data transmitting means through the command control means 
and starting transmission of the AV data with the AV data 
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transmitting means; encrypting the AV data with the 
encrypting means using the cryptographic key and sending 
the encrypted AV data to the first input/output means; 
sending the encrypted AV data to a transmission line with 
the first input/output means; receiving the encrypted AV 
data from the transmission line with the second 
input/output means; decrypting the encrypted AV data with 
the decrypting means using the cryptographic key and 
sending the decrypted AV data to the AV data receiving 
means; and receiving the decrypted AV data with the AV 
data receiving means . 

The works protecting method for the works 
protecting system may have the steps of: detecting an ID 
of the transmitting-receiving device on the first other 
party with the device ID detecting means; checking 
whether the ID of the transmitting-receiving device on 
the first other party is included in historical 
information stored in the authentication histories 
storing means; performing the device authentication 
operation and the key exchange operation with the second 
authenticating means on the first other party by the 
first authenticating means if the ID of the transmitting- 
receiving device on the first other party is included in 
the historical information; recording a cryptographic key 
shared as a result of the key exchange operation as a 



first cryptographic key in the cryptographic key storing 
means; detecting an ID of the transmitting-receiving 
device on the second other party with the device ID 
detecting means; checking whether the ID of the 
transmitting-receiving device on the second other party 
is included in historical information stored in the 
authentication histories storing means; performing the 
device authentication operation and the key exchange 
operation with the second authenticating means on the 
second other party by the first authenticating means if 
the ID of the transmitting-receiving device on the second 
other party is included in the historical information; 
recording a cryptographic key shared as a result of the 
key exchange operation as a second cryptographic key in 
the cryptographic key storing means; thereafter, when a 
command input for an AV data transmission direction for 
the transmitting-receiving device on the first other 
party or for the transmitting-receiving device on the 
second other party is provided from a user to the command 
input means, notifying the command to the AV data 
transmitting means through the command control means and 
starting transmission of the AV data with the AV data 
transmitting means; if the ID of the transmitting- 
receiving device on the first other party is not included 
in the historical information, waiting for a command 
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input for an AV data transmission direction for the 
transmitting-receiving device on the first other party 
from a user to the command input means; when the command 
input for the AV data transmission direction is provided, 
performing the device authentication operation and the 
key exchange operation with the second authenticating 
means on the first other party by the first 
authenticating means; after the device authentication and 
the key exchange operations, recording the ID of the 
transmitting-receiving device on the first other party as 
historical information in the authentication histories 
storing means; recording a cryptographic key shared as a 
result of the key exchange operation as a first 
cryptographic key in the cryptographic key storing means; 
if the ID of the transmitting-receiving device on the 
second other party is not included in the historical 
information, waiting for a command input for an AV data 
transmission direction for the transmitting-receiving 
device on the second other party from a user to the 
command input means ; when the command input for the AV 
data transmission direction is provided, performing the 
device authentication operation and the key exchange 
operation with the second authenticating means on the 
second other party by the first authenticating means; 
after the device authentication and the key exchange 
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operations , recording the ID of the transmitting- 
receiving device on the second other party as historical 
information in the authentication histories storing 
means; recording a cryptographic key shared as a result 
of the key exchange operation as a second cryptographic 
key in the cryptographic key storing means; notifying the 
command to the AV data transmitting means through the 
command control means and starting transmission of the AV 
data to the transmitting-receiving device on the first 
other party or to the transmitting-receiving device on 
the second other party with the AV data transmitting 
means; if the command input for the AV data transmission 
direction for the transmitting-receiving device on the 
first other party is provided from a user to the command 
input means: encrypting the AV data with the encrypting 
means using the first cryptographic key and sending the 
encrypted AV data to the first input/output means; 
sending the encrypted AV data to a transmission line with 
the first input/output means; receiving the encrypted AV 
data from the transmission line with the second 
input/output means on the first other party; decrypting 
the encrypted AV data with the decrypting means on the 
first other party using the first cryptographic key and 
sending the decrypted AV data to the AV data receiving 
means on the first other party; and receiving the 
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decrypted AV data with the AV data receiving means; if 
the command input for the AV data transmission direction 
for the transmitting-receiving device on the second other 
party is provided from a user to the command input means : 
encrypting the AV data with the encrypting means using 
the second cryptographic key and sending the encrypted AV 
data to the first input/output means; sending the 
encrypted AV data to a transmission line with the first 
input/output means; receiving the encrypted AV data from 
the transmission line with the second input/output means 
on the second other party; decrypting the encrypted AV 
data with the decrypting means on the second other party 
using the second cryptographic key and sending the 
decrypted AV data to the AV data receiving means on the 
second other party; and receiving the decrypted AV data 
with the AV data receiving means . 

Additionally, the transmission line for the AV data 
may be the IEEE1394 high-speed serial bus. 

The works protecting system and the works 
protecting method therefor according to the present 
invention are characterized in that it performs device 
authentication and key exchange when a transmitting- 
receiving device with a history that authentication has 
been previously performed therefor is connected to a 
transmission line, and are capable of significantly 



reducing the time from the command input from a user to 
the start of transmission of contents of works as 
compared with the prior art. 

The device ID detecting means detects, when a 
transmitting-receiving device on another party is 
connected to a transmission line, a device ID thereof 
through the input/output means. As a transmission line, 
the IEEE1394 high-speed serial bus may be used, for 
example. The transmitting-receiving device on another 
party is, for example, a device for transmitting and 
receiving contents of works which is configured to have 
input/output means, AV data receiving means, decrypting 
means, and authenticating means. When the device ID 
detecting means detects the device ID of the 
transmitting-receiving device on another party, it is 
checked whether the device ID is included in historical 
information stored in the authentication histories 
storing means. 

If the device ID is included in the historical 
information, the authenticating means performs 
authentication with the authenticating means on another 
party. Authentication includes a device authentication 
operation for mutually checking that both devices are 
devices based on certain rules, and a key exchange 
operation for sharing a cryptographic key for 
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simultaneously encrypting and decrypting works. 
Thereafter , whenever an AV data transmission direction is 
provided from a user to the command input means , the 
command is notified through the command control means to 
the AV data transmitting means which starts transmission 
of AV data. The AV data is encrypted at the encrypting 
means using the cryptographic key and is transmitted to a 
transmission line such as the IEEE1394 high-speed serial 
bus through the input/output means. In the transmitting- 
receiving device on another party, the input/output means 
receives the encrypted AV data from the transmission line 
such as the IEEE1394 high-speed serial bus. The 
decrypting means decrypts the encrypted AV data using the 
cryptographic key and the AV data receiving means 
receives the decrypted AV data. 

If the device ID is not included in the historical 
information, the system waits for an AV data transmission 
direction from a user to the command input means . When 
an AV data transmission direction is provided, the 
authenticating means performs authentication with the 
authenticating means on another party. After the 
authentication, the device ID on another party is 
recorded in the authentication histories storing means as 
historical information. The AV data transmitting means 
starts transmission of AV data. The AV data is encrypted 
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at the encrypting means using the cryptographic key and 
is transmitted to the transmission line through the 
input/output means. In the transmitting-receiving device 
on another party, the input/output means receives the 
5 encrypted AV data from the transmission line. The 

decrypting means decrypts the encrypted AV data using the 
cryptographic key and the AV data receiving means 
receives the decrypted AV data. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig . 1 is a block diagram showing a prior art works 
protecting system; 

Fig. 2 is a state transition diagram of the prior 
art works protecting system; 

Fig. 3 is a block diagram showing a configuration 
of a works protecting system of a first embodiment 
according to the present invention; 

Fig. 4 is a state transition diagram showing an 
operational state of the works protecting system of a 
first embodiment according to the present invention; and 

Fig. 5 is a block diagram showing a configuration 
of a works protecting system of a second embodiment 
according to the present invention. 

25 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
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(First embodiment of the present invention) 

Fig. 3 is a block diagram showing a configuration 
of a works protecting system of a first embodiment 
according to the present invention. Referring to Fig. 3, 
device ID detecting means 70 detects , when a 
transmitting-receiving device on another party is 
connected to a transmission line, a device ID thereof 
through input /output means 60. For a transmission line, 
the IEEE1394 high-speed serial bus is preferable, for 
example. The transmitting-receiving device on another 
party is, for example, a device for transmitting and 
receiving contents of works which is configured to 
comprise input/output means 110, AV data receiving means 
120, decrypting means 130, and authenticating means 140, 
and specifically, a digital television set, a writable 
DVD or DVD-RAM, a digital VTR or D-VHS, or the like is 
preferable. When device ID detecting means 70 detects 
the device ID of the transmitting-receiving device on 
another party, it is checked whether the device ID is 
included in historical information stored in 
authentication histories storing means 80. If the 
historical information includes the device ID, 
authenticating means 50 performs authentication with 
authenticating means 140 on another party. 
The authentication comprises a device 
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authentication operation for mutually checking that both 
devices are devices based on certain rules, and a key 
exchange operation for sharing a cryptographic key for 
simultaneously encrypting and decrypting works. Although 
previously devised various schemes may be used for a 
digital signature scheme and a key distribution scheme 
for authentication, it is preferable to use an elliptic 
DSA (Digital Signature Algorithm) signature and an 
elliptic DH (Dif f ie-Hellman) key distribution. The 
elliptic DSA signature (hereinafter referred to as EC- 
DSA) will be described in the following. The EC-DSA is 
defined in ANSI X9.62 or the like, and the contents 
thereof comprise three stages: key generation, signature 
generation, and signature verification. 

First, the procedure of the key generation is as 
follows . 

(1) EC-DSA key generation 
At device A: 

1. Elliptic curve E formed on ZP is selected. The number 
of points on E(ZP) should be capable to be divided by 
large prime number n. 

2. Point PeE(ZP) for order n is selected. 

3. Integer d which is statically particular and 
unpredictable is selected from interval [l,n-lj. 
4.Q=dP is calculated. 



16 



5. The public key for A is set as (E,P,n,Q) and the secret 
key for A is set as d. 

Next, the procedure of the signature generation is 
as follows . 

(2) EC-DSA signature generation 

At device A, message m is encrypted as follows. 
1 . Integer k which is statically particular and 
unpredictable is selected from interval [l,n-l]. 

2. kP=(xl,yl) and r=xl mod n are calculated, wherein xl is 
considered as one integer, for example by conversion from 
binary representation. If r=0, the procedure returns to 
step 1. (for security reasons. If r=0, encryption 

equation s=k-l{h(m) +dr}mod n does not include secret key 
d.) 

3. k-l mod n is calculated. 

4 . s=k-l{h(m) +dr}mod n is calculated, wherein h is Secure 
Hash Algorithm (SHA-1) . 

5. If s=0, the procedure returns to step 1. (If s=0, s-1 
mod n does not exist; s-1 is required at step 2 for the 
signature verification.) 

6. The signature for message m is set as a set of integers 
(r,s) . 

The procedure of the signature verification is as 
follows . 

(3) EC-DSA signature verification 
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Device B performs the followings to verify 
signature (r,s) for device A in m. 

1. A true copy of public key (E,P,n,Q) for A is obtained. 

2 . Verification that r and s are integers in interval 
[l,n-l] is performed, 

3. w=s-l mod n and h(m) are calculated. 

4 . ul=h(m) w mod n and u2=rw mod n are calculated. 

5. ulP+u2Q=(xO,yO)and v=xO mod n are calculated. 
6. If v=r, the signature is admitted. 

Next, the elliptic DH key distribution (hereinafter 
referred to as EC-DH) will be described. The EC-DH is 
defined in ANSI X9.63 or the like, and the contents 
thereof comprises two stages: key generation and exchange 
and key sharing. 

First, the procedure of the key generation and 
exchange is as follows. 
(l)EC-DH key generation and exchange 
At device A: 

1. Integer x which is statically particular and 

unpredictable is selected from interval [2,n-2]. 

2. a=xP is calculated. 

3. Device A sends a to device B. 
At device B: 

1. Integer y which is statically particular and 
unpredictable is selected from interval [2,n-2]. 
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2. b=yP is calculated. 

3. Device B sends b to device A. 

Next, the procedure of the key sharing is described. 
(2)EC-DH key sharing 

1. At device A, a common key is generated with KA=xb=xyP . 

2. At device B, a common key is generated with KB=xa=xyP . 
3. Since KA=KB , device A and device B share the key. 

After the authentication, whenever an AV data 
transmission direction is provided from a user to command 
input means 10, the command is notified through command 
control means 2 0 to AV data transmitting means 30 which 
starts the transmission of AV data. As command input 
means, a keyboard, a mouse, a remote control, or the like 
is preferable, for example. As AV data, AV data in 
various formats may be utilized, and a transport stream 
compressed in compliance with MPEG 2 standard is 
preferable. As AV data transmitting means 30, a digital 
satellite broadcasting receiver, a receiver for AV data 
from Internet, a DVD apparatus or the like is preferable, 
for example. The AV data is encrypted using a 
cryptographic key at encrypting means 40 and transmitted 
to a transmission line such as the IEEE1394 high-speed 
serial bus through input/output means 60. 

As an encrypting scheme used in the encrypting 
means, various block ciphers previously devised may be 



19 



used. For example , blowfish encryption is preferable. 
In the transmitting-receiving device on another party, 
input /output means 110 receives the encrypted AV data 
from the transmission line such as the IEEE1394 high- 
speed serial bus. Decrypting means 130 decrypts the 
encrypted AV data using the cryptographic key, and AV 
data receiving means 12 0 receives the decrypted AV data. 
The AV data is subjected to MPEG2 decoding as required 
and then displayed and audio-outputted if the 
transmitting-receiving device on another party is a 
digital television set, while the AV data is converted in 
its format as required and then written and saved if the 
transmitting-receiving device on another party is a 
writable DVD apparatus or digital VTR. 

If the historical information does not include the 
device ID on another party, the system waits for an AV 
data transmission direction from a user to command input 
means 10. When a command input, that is, an AV data 
transmission direction is provided, authenticating means 
50 performs authentication with authenticating means 140 
on another party. After the authentication, the device 
ID on another party is recorded as historical information 
in authentication histories storing means 80. AV data 
transmitting means 30 starts transmission of AV data. 
The AV data is encrypted at encrypting means 40 using a 
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cryptographic key and transmitted to the transmission 
line through input/output means 60. In the transmitting- 
receiving device on another party , input/output means 110 
receives the encrypted AV data from the transmission line. 
Decrypting means 130 decrypts the encrypted AV data using 
the cryptographic key, and AV data receiving means 120 
receives the decrypted AV data. 

Fig. 4 is a state transition diagram showing an 
operational state of the works protecting system of the 
first embodiment according to the present invention. 
Referring to Fig. 4, device ID detecting means 7 0 detects 
a device ID on another party (SI). Next, it is checked 
whether the device ID is included in historical 
information stored in authentication histories storing 
means 80 (S2). If the historical information includes 
the device ID, authenticating means 50 performs 
authentication with authenticating means 140 on another 
party (S3). Thereafter, when an AV data transmission 
direction is provided from a user to command input means 
10 (S4), the command is notified through command control 
means 2 0 to AV data transmitting means 30 which starts 
transmission of AV data (S5). 

If the historical information does not include the 
device ID on another party, the system waits for an AV 
data transmission direction from a user to command input 
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means 10. When the AV data transmission direction is 
provided (S6), authenticating means 50 performs 
authentication with authenticating means 140 on another 
party (S7). After the authentication, the device ID on 
5 another party is recorded as historical information in 
authentication histories storing means 80 (S8). AV data 
transmitting means 30 starts transmission of AV data (S5). 
In the subsequent repeated operations, since the device 
ID has been recorded as an authentication history, 

10 authenticating means 50 performs authentication (S3), and 
when an AV data transmission direction is provided form a 
user to command input means 10 (S4), the command is 
notified through command control means 20 to AV data 
transmitting means 30 which starts transmission of AV 

15 data (S5) . 

(Second embodiment of the present invention) 

Next, a second embodiment of the present invention 
will be described in detail with reference to the 
drawings . 

20 Referring to Fig. 5, the present embodiment is 

configured to have a plurality of transmitting-receiving 
devices on the other parties to which contents of works 
are to be transmitted. Specifically, device ID detecting 
means 70 detects, when a transmitting-receiving device is 

25 connected to a transmission line, a device ID thereof 
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through input/output means 60. When device ID detecting 
means 7 0 detects a device ID of a transmitting-receiving 
device on the first other party, it is checked whether 
the device ID is included in historical information 
5 stored in authentication histories storing means 80. If 
the historical information includes the device ID, 
authenticating means 50 performs authentication with 
authenticating means 140 on another party and obtains a 
cryptographic key as a result of key sharing. The 
10 cryptographic key is recorded in cryptographic key 
storing means 90 as a first cryptographic key. When 
\j device ID detecting means 7 0 detects a device ID of a 

ffj transmitting-receiving device on the second other party, 

.? a! % it is checked whether the device ID is included in 

SIX; 

?*§ 15 historical information stored in authentication histories 

s w 
r«t 

,h storing means 80. If the historical information includes 

the device ID, authenticating means 50 performs 
authentication with authenticating means 240 on another 
party and obtains a cryptographic key as a result of key 

20 sharing. The cryptographic key is recorded in 
cryptographic key storing means 90 as a second 
cryptographic key . 

If the historical information does not include the 
transmitting-receiving device ID on the first other party, 

25 the system waits a command input for an AV data 
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transmission direction for the transmit-receiver device 
on the first other party from a user to command input 
means 10 . When the command input for the AV data 
transmission direction is provided, authenticating means 
50 performs a device authentication operation and a key 
exchange operation with authenticating means 140 on the 
first other party. After the device authentication and 
the key exchange operations, the transmitting-receiving 
device ID on the first other party is recorded as 
historical information in authentication histories 
storing means 80. A cryptographic key shared as a result 
of the key exchange operation is recorded as a first 
cryptographic key in cryptographic key storing means 90. 

If the historical information does not include the 
transmitting-receiving device ID on the second other 
party, the system waits a command input for an AV data 
transmission direction for the transmit-receiver device 
on the second other party from a user to command input 
means 10. When the command input for the AV data 
transmission direction is provided, authenticating means 
50 performs a device authentication operation and a key 
exchange operation with authenticating means 2 40 on the 
second other party. After the device authentication and 
the key exchange operations, the transmitting-receiving 
device ID on the second other party is recorded as 
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historical information in authentication histories 
storing means 80. A cryptographic key shared as a result 
of the key exchange operation is recorded as a second 
cryptographic key in cryptographic key storing means 90. 
5 After the authentication and record of the 

cryptographic key, whenever an AV data transmission 
direction for the transmitting-receiving device on the 
first other party is provided from a user to command 
input means 10, the command is notified through command 
fc'jj 10 control means 20 to AV data transmitting means 30 which 

q starts transmission of AV data. The AV data is encrypted 

y at encrypting means 40 using the cryptographic key for 

jpy the transmitting-receiving device on the first other 

p party recorded in cryptographic key storing means 90, and 

fy 15 transmitted to a transmission line through input/output 

• h means 60. In the transmitting-receiving device on the 

first other party, input/output means 110 receives the 
encrypted AV data from the transmission line. Decrypting 
means 130 decrypts the encrypted AV data using the 
20 cryptographic key for the transmitting-receiving device 

on the first other party, and AV data receiving means 120 
receives the decrypted AV data. 

When an AV data transmission direction for the 
transmitting-receiving device on the second other party 
25 is provided from a user to command input means 10, the 

25 



command is notified through command control means 2 0 to 
AV data transmitting means 30 which starts transmission 
of AV data. The AV data is encrypted at encrypting means 
40 using the cryptographic key for the transmitting- 
receiving device on the second other party recorded in 
cryptographic key storing means 90 , and transmitted to a 
transmission line through input/output means 60. In the 
transmitting-receiving device on the second other party, 
input/output means 210 receives the encrypted AV data 
from the transmission line. Decrypting means 2 30 
decrypts the encrypted AV data using the cryptographic 
key for the transmitting-receiving device on the second 
other party, and AV data receiving means 220 receives the 
decrypted AV data. 

As is apparent from the present embodiment, the 
works protecting scheme and apparatus of the present 
invention have an effect that the time from the command 
input from a user for directing transmission of contents 
of works to the start of transmission of the contents of 
works can be substantially reduced as compared with the 
prior art even with a plurality of transmitting-receiving 
devices on the other parties . 

Although the foregoing description shows an example 
in which an AV data transmitter is configured to comprise 
command input means 10 and command control means 20, the 
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AV data transmitter may be configured not to have command 
input means 10 and command control means 20. 

Additionally, although the foregoing description 
shows an example in which the system comprises one AV 
5 data transmitter, the system may be configured to have a 
plurality of AV data transmitters without any loss of 
effects provided by the present invention as a matter of 
course . 

An embodiment configured not to include 
*w 10 authentication histories storing means 80 in the 

S embodiments shown in Fig. 3 and Fig. 5 serves as another 

'lasts? "* 

sj embodiment of the present invention. In this embodiment, 

fy when a transmitting-receiving device is connected to a 

transmission line and a device ID thereof is detected by 
fjj 15 device ID detecting means 70, authenticating means 5 0 

~£ performs authentication with authenticating means on 

another party independently of historical information. 
In the embodiment, since authentication is performed 
independently of historical information, it apparently 
20 has an effect that time can be substantially reduced as 
compared with the prior art even for the first 
transmission of contents of works after a new AV data 
transmitter is connected. 

As described above, the present invention provides 
25 an effect that the time from the command input from a 
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user for directing transmission of contents of works to 
the start of transmission of the contents of works can be 
significantly reduced as compared with the prior art. 

The reason thereof is that when a transmitting- 
receiving device with a history that authentication has 
been previously performed therefor is connected to a 
transmission line, device authentication and key exchange 
are performed before a command is inputted from a user. 
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What is claimed is: 

1. A works protecting system comprising an AV 
data transmitting-receiving device for transmitting 
contents of works and a transmitting-receiving device on 
another party for receiving the works , 
5 wherein said AV data transmitting-receiving 

device comprises command input means , command control 
means, AV data transmitting means, encrypting means, 
first authenticating means, first input/output means, 

*Sj device ID detecting means, and authentication histories 

M 10 storing means, 

\\ wherein said transmitting-receiving device on 

in another party comprises second input/output means, AV 

f«\ data receiving means, decrypting means, and second 

«ii authenticating means, and 

jji 15 wherein said authenticating means performs a 

device authentication operation for mutually checking 
that both said devices are devices based on certain rules, 
and a key exchange operation for sharing a cryptographic 
key for simultaneously encrypting and decrypting the 
20 works when said transmitting-receiving device on another 
party with a history that authentication has been 
previously performed therefor is connected to a 
transmission line . 
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2. A works protecting system comprising an AV 
data transmitting-receiving device for transmitting 
contents of works and a plurality of transmitting- 
receiving devices on the other parties for receiving the 
works , 

wherein said AV data transmitting-receiving 
device comprises command input means , command control 
means, AV data transmitting means, encrypting means, 
first authenticating means, first input/output means, 
device ID detecting means, authentication histories 
storing means, and cryptographic key storing means, 

wherein each of said plurality of 
transmitting-receiving devices on the other parties 
comprises second input/output means, AV data receiving 
means, decrypting means, and second authenticating means, 
and 

wherein said authenticating means performs a 
device authentication operation for mutually checking 
that both said devices are devices based on certain rules, 
and a key exchange operation for sharing a cryptographic 
key for simultaneously encrypting and decrypting the 
works when said transmitting-receiving device on another 
party with a history that authentication has been 
previously performed therefor is connected to a 
transmission line . 
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3. A works protecting system comprising an AV 
data transmitting-receiving device for transmitting 
contents of works and a transmitting-receiving device on 
another party for receiving the works , 

wherein said AV data transmitting-receiving 
device comprises command input means, command control 
means, AV data transmitting means, encrypting means, 
first authenticating means, first input/output means, and 
device ID detecting means , 

wherein said transmitting-receiving device on 
another party comprises second input/output means, AV 
data receiving means, decrypting means, and second 
authenticating means, and 

wherein said authenticating means performs a 
device authentication operation for mutually checking 
that both said devices are devices based on certain rules, 
and a key exchange operation for sharing a cryptographic 
key for simultaneously encrypting and decrypting the 
works when said transmitting-receiving device on another 
party is connected to a transmission line. 

4 . A works protecting method for the works 
protecting system according to claim 1, said method 
comprising the steps of: 
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detecting an ID of said transmitting-receiving 
device on another party with said device ID detecting 
means ; 

checking whether the ID of said transmitting- 
receiving device on another party is included in 
historical information stored in said authentication 
histories storing means; 

performing the device authentication operation 
and the key exchange operation with said second 
authenticating means on another party by said first 
authenticating means, if the ID of said transmitting- 
receiving device on another party is included in the 
historical information; 

notifying the command to said AV data 
transmitting means through said command control means and 
starting transmission of the AV data with said AV data 
transmitting means, when a command input for an AV data 
transmission direction is provided from a user to said 
command input means; 

waiting for a command input for an AV data 
transmission direction from a user to said command input 
means, if the ID of said transmitting-receiving device 
on another party is not included in the historical 
information; 

performing the device authentication operation 
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and the key exchange operation with said second 
authenticating means on another party by said first 
authenticating means, when the command input for the AV 
data transmission direction is provided; 

recording the ID of said transmitting- 
receiving device on another party as historical 
information in said authentication histories storing 
means after the device authentication and the key 
exchange operations ; 

notifying the command to said AV data 
transmitting means through said command control means and 
starting transmission of the AV data with said AV data 
transmitting means; 

encrypting the AV data with said encrypting 
means using the cryptographic key and sending the 
encrypted AV data to said first input/output means; 

sending the encrypted AV data to a 
transmission line with said first input/output means; 

receiving the encrypted AV data from the 
transmission line with said second input/output means; 

decrypting the encrypted AV data with said 
decrypting means using the cryptographic key and sending 
the decrypted AV data to said AV data receiving means; 
and 

receiving the decrypted AV data with said AV 
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data receiving means . 



5. A works protecting method for the works 

« 

protecting system according to claim 2, said method 
comprising the steps of: 

detecting an ID of said transmitting-receiving 
device on a first other party with said device ID 
detecting means; 

checking whether the ID of said transmitting- 
receiving device on the first other party is included in 
historical information stored in said authentication 
histories storing means; 

performing the device authentication operation 
and the key exchange operation with said second 
authenticating means on the first other party by said 
first authenticating means, if the ID of said 
transmitting-receiving device on the first other party is 
included in the historical information; 

recording a cryptographic key shared as a 
result of the key exchange operation as a first 
cryptographic key in said cryptographic key storing 
means ; 

detecting an ID of said transmitting-receiving 
device on a second other party with said device ID 
detecting means; 
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checking whether the ID of said transmitting- 
25 receiving device on the second other party is included in 
historical information stored in said authentication 
histories storing means; 

performing the device authentication operation 
and the key exchange operation with said second 
30 authenticating means on the second other party by said 
first authenticating means, if the ID of said 
transmitting-receiving device on the second other party 
is included in the historical information; 

recording a cryptographic key shared as a 
35 result of the key exchange operation as a second 

cryptographic key in said cryptographic key storing 
means ; 

notifying the command to said AV data 
transmitting means through said command control means and 

40 starting transmission of the AV data with said AV data 
transmitting means, when a command input for an AV data 
transmission direction for said transmitting-receiving 
device on the first other party or for said transmitting- 
receiving device on the second other party is provided 

45 from a user to said command input means; 

waiting for a command input for an AV data 
transmission direction for said transmitting-receiving 
device on the first other party from a user to said 
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command input means, if the ID of said transmitting- 
50 receiving device on the first other party is not included 

in the historical information; 

performing the device authentication operation 

and the key exchange operation with said second 

authenticating means on the first other party by said 
55 first authenticating means, when the command input for 

the AV data transmission direction is provided; 

recording the ID of said transmitting- 

receiving device on the first other party as historical 

information in said authentication histories storing 
60 means after the device authentication and the key 

exchange operations ; 

recording a cryptographic key shared as a 

result of the key exchange operation as a first 

cryptographic key in said cryptographic key storing 
65 means ; 

waiting for a command input for an AV data 
transmission direction for said transmitting-receiving 
device on the second other party from a user to said 
command input means, if the ID of said transmitting- 
70 receiving device on the second other party is not 
included in the historical information; 

performing the device authentication operation 
and the key exchange operation with said second 
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authenticating means on the second other party by said 
75 first authenticating means, when the command input for 

the AV data transmission direction is provided; 

after the device authentication and the key 

exchange operations, recording the ID of said 

transmitting-receiving device on the second other party 
80 as historical information in said authentication 

histories storing means; 

recording a cryptographic key shared as a 

result of the key exchange operation as a second 

cryptographic key in said cryptographic key storing 
85 means ; 

notifying the command to said AV data 
transmitting means through said command control means and 
starting transmission of the AV data to the transmitting- 
receiving device on the first other party or to the 

90 transmitting-receiving device on the second other party 
with said AV data transmitting means; 

encrypting the AV data with said encrypting 
means using the first cryptographic key and sending the 
encrypted AV data to said first input/output means, if 

95 the command input for the AV data transmission direction 
for said transmitting-receiving device on the first other 
party is provided from a user to said command input 
means ; 
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sending the encrypted AV data to a 
100 transmission line with said first input/output means; 

receiving the encrypted AV data from the 
transmission line with said second input/output means on 
the first other party; 

decrypting the encrypted AV data with said 
105 decrypting means on the first other party using the first 
cryptographic key and sending the decrypted AV data to 
said AV data receiving means on the first other party; 
and 

receiving the decrypted AV data with said AV 
110 data receiving means; 

encrypting the AV data with said encrypting 
means using the second cryptographic key and sending the 
encrypted AV data to said first input/output means , if 
the command input for the AV data transmission direction 
115 for said transraitting-receiving device on the second 

other party is provided from a user to said command input 
means ; 

sending the encrypted AV data to a 
transmission line with said first input/output means; 
120 receiving the encrypted AV data from the 

transmission line with said second input/output means on 
the second other party; 

decrypting the encrypted AV data with said 
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decrypting means on the second other party using the 
second cryptographic key and sending the decrypted AV 
data to said AV data receiving means on the second other 
party; and 

receiving the decrypted AV data with said AV 
data receiving means . 

6 . The works protecting method for the works 
protecting system according to claim 4, wherein the 
transmission line for said AV data is IEEE1394 high-speed 
serial bus . 

7 . The works protecting method for the works 
protecting system according to claim 5, wherein the 
transmission line for said AV data is IEEE1394 high-speed 
serial bus . 



39 



ABSTRACT OF THE DISCLOSURE 

Device ID detecting means detects an ID of a device 
on another party. Next, it is checked whether the device 
ID is included in historical information stored in 
authentication histories storing means. If the device ID 
is included in the historical information, authenticating 
means performs authentication with authenticating means 
on another party. Thereafter, when an AV data 
transmission direction is provided from a user to command 
input means, the command is notified through command 
control means to AV data transmitting means which starts 
transmission of AV data. 
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Fig. 1 (Prior Art) 
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Fig. 2 (Prior Art) 
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